pool/evolution
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/evolution?expand=0&rev=38

Browse Source
This commit is contained in:
OBS User unknown 2008-06-05 15:24:27 +00:00 committed by Git OBS Bridge
parent ef10dddc35
commit dc48eb1701
6 changed files with 458 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
bgo-395708_prefer-plain.patch Normal file
View File

@ -0,0 +1,48 @@
--- plugins/prefer-plain/prefer-plain.c 2008/05/27 04:17:04 35553
+++ plugins/prefer-plain/prefer-plain.c 2008/05/27 12:38:24 35554
@@ -99,20 +99,41 @@
int i, nparts, partidlen, displayid = 0;
if (epp_mode == EPP_NORMAL) {
+ gboolean have_plain = FALSE;
+
/* Try to find text/html part even when not as last and force to show it.
Old handler will show the last part of multipart/alternate, but if we
- can offer HTML, then offer it, regardless of position in multipart. */
+ can offer HTML, then offer it, regardless of position in multipart.
+ But do this only when have text/plain in a list, because otherwise it
+ can be something else (like outlooks meeting invites with only text/html
+ part and calendar part).
+ */
nparts = camel_multipart_get_number (mp);
for (i = 0; i < nparts; i++) {
+ CamelContentType *content_type;
+
part = camel_multipart_get_part (mp, i);
- if (part && camel_content_type_is (camel_mime_part_get_content_type (part), "text", "html")) {
+
+ if (!part)
+ continue;
+
+ content_type = camel_mime_part_get_content_type (part);
+
+ if (camel_content_type_is (content_type, "text", "html")) {
displayid = i;
display_part = part;
- break;
+
+ if (have_plain)
+ break;
+ } else if (camel_content_type_is (content_type, "text", "plain")) {
+ have_plain = TRUE;
+
+ if (display_part)
+ break;
}
}
- if (display_part) {
+ if (display_part && have_plain) {
g_string_append_printf (t->format->part_id, ".alternative.%d", displayid);
em_format_part_as (t->format, t->stream, display_part, "text/html");
g_string_truncate (t->format->part_id, partidlen);

10
bnc-394441-exchange-addbook-crash.diff Normal file
View File

@ -0,0 +1,10 @@
--- plugins/exchange-operations/exchange-contacts.c 2008-05-02 01:25:38.000000000 +0530
+++ plugins/exchange-operations/exchange-contacts.c 2008-05-26 16:28:51.000000000 +0530
@@ -491,6 +491,7 @@ e_exchange_contacts_commit (EPlugin *epl
if (authtype) {
e_source_set_property (source, "auth-type", authtype);
g_free (authtype);
+ authtype=NULL;
}
e_source_set_property (source, "auth", "plain/password");
if (rename) {

311
bug-394641_evo-CVE-2008-1108.diff Normal file
View File

@ -0,0 +1,311 @@
Index: calendar/gui/e-itip-control.c
===================================================================
--- calendar/gui/e-itip-control.c (revision 35555)
+++ calendar/gui/e-itip-control.c (working copy)
@@ -660,7 +660,7 @@ find_attendee (icalcomponent *ical_comp,
static void
write_label_piece (EItipControl *itip, ECalComponentDateTime *dt,
- char *buffer, int size,
+ GString *buffer,
const char *stext, const char *etext,
gboolean just_date)
{
@@ -685,13 +685,13 @@ write_label_piece (EItipControl *itip, E
tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0;
if (stext != NULL)
- strcat (buffer, stext);
+ g_string_append (buffer, stext);
e_time_format_date_and_time (&tmp_tm,
calendar_config_get_24_hour_format (),
FALSE, FALSE,
time_buf, sizeof (time_buf));
- strcat (buffer, time_buf);
+ g_string_append (buffer, time_buf);
if (!dt->value->is_utc && dt->tzid) {
zone = icalcomponent_get_timezone (priv->top_level, dt->tzid);
@@ -703,21 +703,21 @@ write_label_piece (EItipControl *itip, E
UTF-8. But it probably is not translated. */
display_name = icaltimezone_get_display_name (zone);
if (display_name && *display_name) {
- strcat (buffer, " <font size=-1>[");
+ g_string_append_len (buffer, " <font size=-1>[", 16);
/* We check if it is one of our builtin timezone names,
in which case we call gettext to translate it. */
if (icaltimezone_get_builtin_timezone (display_name)) {
- strcat (buffer, _(display_name));
+ g_string_append_printf (buffer, "%s", _(display_name));
} else {
- strcat (buffer, display_name);
+ g_string_append_printf (buffer, "%s", display_name);
}
- strcat (buffer, "]</font>");
+ g_string_append_len (buffer, "]</font>", 8);
}
}
if (etext != NULL)
- strcat (buffer, etext);
+ g_string_append (buffer, etext);
}
static const char *
@@ -754,19 +754,17 @@ get_dayname (struct icalrecurrencetype *
static void
write_recurrence_piece (EItipControl *itip, ECalComponent *comp,
- char *buffer, int size)
+ GString *buffer)
{
GSList *rrules;
struct icalrecurrencetype *r;
- int len, i;
+ int i;
- strcpy (buffer, "<b>Recurring:</b> ");
- len = strlen (buffer);
- buffer += len;
- size -= len;
+ g_string_append_len (buffer, "<b>Recurring:</b> ", 18);
if (!e_cal_component_has_simple_recurrence (comp)) {
- strcpy (buffer, _("Yes. (Complex Recurrence)"));
+ g_string_append_printf (
+ buffer, "%s", _("Yes. (Complex Recurrence)"));
return;
}
@@ -782,7 +780,10 @@ write_recurrence_piece (EItipControl *it
Every %d day/days" */
/* For Translators : 'Every day' is event Recurring every day */
/* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */
- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every day",
+ "Every %d days", r->interval),
+ r->interval);
break;
case ICAL_WEEKLY_RECURRENCE:
@@ -792,29 +793,36 @@ write_recurrence_piece (EItipControl *it
Every %d week/weeks" */
/* For Translators : 'Every week' is event Recurring every week */
/* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */
- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every week",
+ "Every %d weeks", r->interval),
+ r->interval);
} else {
/* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */
/* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */
- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every week on ",
+ "Every %d weeks on ", r->interval),
+ r->interval);
for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) {
if (i > 1)
- strcat (buffer, ", ");
- strcat (buffer, get_dayname (r, i - 1));
+ g_string_append_len (buffer, ", ", 2);
+ g_string_append (buffer, get_dayname (r, i - 1));
}
if (i > 1)
/* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */
- strcat (buffer, _(" and "));
- strcat (buffer, get_dayname (r, i - 1));
+ g_string_append_printf (buffer, "%s", _(" and "));
+ g_string_append (buffer, get_dayname (r, i - 1));
}
break;
case ICAL_MONTHLY_RECURRENCE:
if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) {
/* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */
- sprintf (buffer, _("The %s day of "),
- nth (r->by_month_day[0]));
+ g_string_append_printf (
+ buffer, _("The %s day of "),
+ nth (r->by_month_day[0]));
} else {
int pos;
@@ -828,20 +836,21 @@ write_recurrence_piece (EItipControl *it
/* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.'
eg,third monday of every month */
- sprintf (buffer, _("The %s %s of "),
- nth (pos), get_dayname (r, 0));
+ g_string_append_printf (
+ buffer, _("The %s %s of "),
+ nth (pos), get_dayname (r, 0));
}
- len = strlen (buffer);
- buffer += len;
- size -= len;
/* For Translators: In this can also be translated as "With the period of %d
month/months", where %d is a number. The entire sentence is of the form "Recurring:
Every %d month/months" */
/* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */
/* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.'
%d is a digit */
- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("every month",
+ "every %d months", r->interval),
+ r->interval);
break;
case ICAL_YEARLY_RECURRENCE:
@@ -850,20 +859,22 @@ write_recurrence_piece (EItipControl *it
Every %d year/years" */
/* For Translators : 'Every year' is event Recurring every year */
/* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */
- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every year",
+ "Every %d years", r->interval),
+ r->interval);
break;
default:
g_return_if_reached ();
}
- len = strlen (buffer);
- buffer += len;
- size -= len;
if (r->count) {
/* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/
/* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/
- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count);
+ g_string_append_printf (
+ buffer, ngettext ("a total of %d time",
+ " a total of %d times", r->count), r->count);
} else if (!icaltime_is_null_time (r->until)) {
ECalComponentDateTime dt;
@@ -871,12 +882,12 @@ write_recurrence_piece (EItipControl *it
dt.value = &r->until;
dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone);
- write_label_piece (itip, &dt, buffer, size,
+ write_label_piece (itip, &dt, buffer,
/* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/
_(", ending on "), NULL, TRUE);
}
- strcat (buffer, "<br>");
+ g_string_append_len (buffer, "<br>", 4);
}
static void
@@ -884,47 +895,51 @@ set_date_label (EItipControl *itip, GtkH
ECalComponent *comp)
{
ECalComponentDateTime datetime;
- static char buffer[1024];
+ GString *buffer;
gchar *str;
gboolean wrote = FALSE, task_completed = FALSE;
ECalComponentVType type;
+ buffer = g_string_sized_new (1024);
type = e_cal_component_get_vtype (comp);
- buffer[0] = '\0';
e_cal_component_get_dtstart (comp, &datetime);
if (datetime.value) {
/* For Translators : 'starts' is starts:date implying a task starts on what date */
str = g_strdup_printf ("<b>%s:</b>", _("Starts"));
- write_label_piece (itip, &datetime, buffer, 1024,
- str,
- "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen(buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
e_cal_component_get_dtend (comp, &datetime);
if (datetime.value){
/* For Translators : 'ends' is ends:date implying a task ends on what date */
str = g_strdup_printf ("<b>%s:</b>", _("Ends"));
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
if (e_cal_component_has_recurrences (comp)) {
- write_recurrence_piece (itip, comp, buffer, 1024);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_recurrence_piece (itip, comp, buffer);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
}
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
datetime.tzid = NULL;
e_cal_component_get_completed (comp, &datetime.value);
if (type == E_CAL_COMPONENT_TODO && datetime.value) {
@@ -932,20 +947,22 @@ set_date_label (EItipControl *itip, GtkH
timezone. */
str = g_strdup_printf ("<b>%s:</b>", _("Completed"));
datetime.value->is_utc = TRUE;
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
task_completed = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
e_cal_component_get_due (comp, &datetime);
if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) {
str = g_strdup_printf ("<b>%s:</b>", _("Due"));
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
@@ -954,6 +971,8 @@ set_date_label (EItipControl *itip, GtkH
if (wrote)
gtk_html_stream_printf (html_stream, "<br>");
+
+ g_string_free (buffer, TRUE);
}
static void

62
bug-394641_evo-CVE-2008-1109.diff Normal file
View File

@ -0,0 +1,62 @@
Index: calendar/gui/itip-utils.c
===================================================================
--- calendar/gui/itip-utils.c (revision 35555)
+++ calendar/gui/itip-utils.c (working copy)
@@ -172,50 +172,16 @@ get_attendee_if_attendee_sentby_is_user
}
static char *
-html_new_lines_for (char *string)
+html_new_lines_for (const char *string)
{
- char *html_string = (char *) malloc (sizeof (char)* (3500));
- int length = strlen (string);
- int index = 0;
- char *index_ptr = string;
- char *temp = string;
+ gchar **lines;
+ gchar *joined;
- /*Find the first occurence*/
- index_ptr = strstr ((const char *)temp, "\n");
+ lines = g_strsplit_set (string, "\n", -1);
+ joined = g_strjoinv ("<br>", lines);
+ g_strfreev (lines);
- /*Doesn't occur*/
- if (index_ptr == NULL) {
- strcpy (html_string, (const char *)string);
- html_string[length] = '\0';
- return html_string;
- }
-
- /*Split into chunks inserting <br> for \n */
- do{
- while (temp != index_ptr){
- html_string[index++] = *temp;
- temp++;
- }
- temp++;
-
- html_string[index++] = '<';
- html_string[index++] = 'b';
- html_string[index++] = 'r';
- html_string[index++] = '>';
-
- index_ptr = strstr ((const char *)temp, "\n");
-
- } while (index_ptr);
-
- /*Don't leave out the last chunk*/
- while (*temp != '\0'){
- html_string[index++] = *temp;
- temp++;
- }
-
- html_string[index] = '\0';
-
- return html_string;
+ return joined;
}
char *

10
evolution.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon Jun 2 10:43:43 CEST 2008 - abharath@suse.de
- Added
- bnc#394641 - VUL-0: evolution buffer overflows
Patches Added:
bug-394641_evo-CVE-2008-1108.diff
bug-394641_evo-CVE-2008-1109.diff
- bnc#395708 - bgo-395708_prefer-plain.patch - Outlook meeting invites look as text messages
- bnc#394441 - bnc-394441-exchange-addbook-crash.diff - Addressbook crash
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 21 21:27:53 IST 2008 - msuman@suse.de Wed May 21 21:27:53 IST 2008 - msuman@suse.de

18
evolution.spec
View File

@ -22,7 +22,7 @@ AutoReqProv: on
# BASE_VERSION (as defined in configure.in). # BASE_VERSION (as defined in configure.in).
%define evolution_base_version 2.22 %define evolution_base_version 2.22
Version: 2.22.1.1 Version: 2.22.1.1
Release: 9 Release: 14
Summary: The Integrated GNOME Mail, Calendar, and Address Book Suite Summary: The Integrated GNOME Mail, Calendar, and Address Book Suite
#Source: ftp://ftp.gnome.org/pub/gnome/sources/evolution/2.22/%{name}-%{version}.tar.bz2 #Source: ftp://ftp.gnome.org/pub/gnome/sources/evolution/2.22/%{name}-%{version}.tar.bz2
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}.tar.bz2
@ -58,6 +58,10 @@ Patch13: bgo-531519-print-preview-crash.patch
Patch14: bgo-534012-backup-permission.patch Patch14: bgo-534012-backup-permission.patch
# PATCH-FIX-UPSTREAM bgo-533820-fix-crash-on-border-clicking-meetings.diff bgo#533820 bnc#391993 pchenthill@suse.de -- Patch is in Upstream now # PATCH-FIX-UPSTREAM bgo-533820-fix-crash-on-border-clicking-meetings.diff bgo#533820 bnc#391993 pchenthill@suse.de -- Patch is in Upstream now
Patch15: bgo-533820-fix-crash-on-border-clicking-meetings.diff Patch15: bgo-533820-fix-crash-on-border-clicking-meetings.diff
Patch16: bnc-394441-exchange-addbook-crash.diff
Patch17: bgo-395708_prefer-plain.patch
Patch18: bug-394641_evo-CVE-2008-1108.diff
Patch19: bug-394641_evo-CVE-2008-1109.diff
Url: http://gnome.org/projects/evolution/ Url: http://gnome.org/projects/evolution/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: yelp Requires: yelp
@ -296,6 +300,10 @@ Authors:
%patch13 %patch13
%patch14 %patch14
%patch15 %patch15
%patch16
%patch17
%patch18
%patch19
%build %build
autoreconf -f -i autoreconf -f -i
@ -407,6 +415,14 @@ fi
%{_libdir}/evolution/*/conduits/*.so %{_libdir}/evolution/*/conduits/*.so
%changelog %changelog
* Mon Jun 02 2008 abharath@suse.de
- Added
- bnc#394641 - VUL-0: evolution buffer overflows
Patches Added:
bug-394641_evo-CVE-2008-1108.diff
bug-394641_evo-CVE-2008-1109.diff
- bnc#395708 - bgo-395708_prefer-plain.patch - Outlook meeting invites look as text messages
- bnc#394441 - bnc-394441-exchange-addbook-crash.diff - Addressbook crash
* Wed May 21 2008 msuman@suse.de * Wed May 21 2008 msuman@suse.de
- Added - Added
+ bgo-534012-backup-permission.patch (Sankar P) + bgo-534012-backup-permission.patch (Sankar P)